VMG1312-B10A Support Notes

(1)

VMG1312-B10A

Support Notes

January 2012

(2)

Index

General Application Notes ...6

Why use VMG1312-B10A? ...6

Application Scenario...8

Prologue...10

Access Application Notes ...12

Web GUI...12 Telnet...13 Broadband...14 VDSL Interface Configuration...14 WAN Configuration...15 Bridge Mode...15 IPoE Mode...16 PPPoE Mode...17 IP Multicast ...19 IP Multicast Introduction ...19 IGMP Setting ...20

Protocol Based Scenario ...21

Environment...21

WAN Configuration...22

VLAN Based Scenario...25

Environment...25

WAN Configuration...26

Quality of Service ...30

Environment...30

QoS configuration...31

TR069 – Remote Firmware Upgrade...34

Environment...34

TR069 Configuration ...35

NAT Port Forwarding ...36

NAT/Multi-NAT Introduction ...36

Environment...39

(3)

Client List Configuration...43

Using Universal Plug n Play (UPnP)...45

Universal Plug n Play (UPnP) Configuration...48

Maintenance Log ...49

Internal Maintenance...49

Remote Maintenance...51

Maintenance Tool...52

Maintenance Procedure ...52

Wireless Application Notes...55

Wireless Introduction...55 Wireless Configuration...64 WPS Application Notes ...75 What is WPS?...75 WPS configuration...76 Product FAQ...78

Will the device work with my Internet connection? ...78

Why do I need to use VMG1312-B10A? ...78

What is PPPoE? ...78

Does the device support PPPoE? ...78

How do I know I am using PPPoE?...79

Why does my provider use PPPoE?...79

Which Internet Applications can I use with the device?...79

How can I configure the device? ...79

What network interface does the device support? ...79

What can we do with the device? ...79

Does device support dynamic IP addressing?...79

What is the difference between the internal IP and the real IP from my ISP? ...80

How does e-mail work through the device? ...80

What DHCP capability does the device support? ...80 How do I used the reset button, more over what field of parameter will be

(4)

What IP/Port mapping does Multi-NAT support? ...83

What is BOOTP/DHCP?...84

What is DDNS?...85

When do I need DDNS service? ...85

Wireless FAQ...86

What is a Wireless LAN? ...86

What are the advantages of Wireless LANs? ...86

What are the disadvantages of Wireless LANs?...87

Where can you find wireless 802.11 networks? ...87

What is an Access Point?...87

What is IEEE 802.11?...87 What is 802.11b? ...87 How fast is 802.11b?...88 What is 802.11a?...88 What is 802.11g? ...88 What is 802.11n? ...88

Is it possible to use products from a variety of vendors?...89

What is Wi-Fi?...89

What types of devices use the 2.4GHz Band? ...89

Does the 802.11 interfere with Bluetooth devices? ...89

Can radio signals pass through walls? ...90

What are potential factors that may causes interference among WLAN products?...90

What's the difference between a WLAN and a WWAN?...90

What is Ad Hoc mode?...90

What is Infrastructure mode?...91

How many Access Points are required in a given area? ...91

What is Direct-Sequence Spread Spectrum Technology – (DSSS)?...91

What is Frequency-hopping Spread Spectrum Technology – (FHSS)? ...91

Do I need the same kind of antenna on both sides of a link?...91

Why the 2.4 Ghz Frequency range?...92

What is Server Set ID (SSID)? ...92

What is an ESSID?...92

(5)

decrypt data? ...93

Can the SSID be encrypted? ...93

By turning off the broadcast of SSID, can someone still sniff the SSID? ...93

What are Insertion Attacks?...94

What is Wireless Sniffer? ...94

What is the difference between Open System and Shared Key of Authentication Type?...94

What is 802.1x? ...94

What is the difference between No authentication required, No access allowed and Authentication required? ...95

What is AAA?...95

What is RADIUS?...95

What is WPA?...95

What is WPA-PSK?...96

Trouble Shooting...97

How to enter the “Shell mode” ...97

CPU usage...97

Memory usage...98

Current processes...99

NAT session table...100

IGMP table...101

Packets statistics...102

Physical layer statistics ...103

(6)

General Application Notes

The VMG1312-B10A is a VDSL2 gateway providing high speed Internet access for triple-play applications. It features VDSL2/ADSL2+ functionality, which support up to 17a profile in VDSL2. It also equipped with 4-ports 10/100Base-T Ethernet for LAN connection, 1-port USB host interface for file sharing or 3G WAN backup, and built-in 802.11n (2 x 2 configuration) WLAN bringing relief to those

troublesome wirings.

Why use VMG1312-B10A?

 _{High Speed Internet Access}

The VMG1312-B10A provides VDSL2 up to profile 17a with data rates up to 100Mbps in downstream direction and 45Mbps in upstream direction. The VDSL2 technology can support the wide deployment of Triple Play services such as voice, video, data, high definition television (HDTV) and interactive gaming, it also enables operators and carriers to gradually, flexibly, and cost efficiently upgrade existing xDSL-infrastructure.

 _{802.11n wireless access}

Built in with 802.11n technology, VMG1312-B10A provides the ultimate solution for speed and coverage. With data rate up to 300Mbps, it provides stable and reliable wireless connections for high speed data and multimedia delivery. It eliminates dead zones and extends coverage by using coming IEEE 802.11n technology and backwards compatible with any IEEE 802.11b/g/n Wi-Fi certified device.

 Quality of Service (QoS)

(7)

 TR-069 remote management support

With TR-069 standard management specifications, service provide is able to manage and configure the client devices remotely without end-user’s manual intervention. This unique feature not only offers users truly “plug-and-play” experience but also reduce the complexity of deployment and therefore saves service provider’s operation and maintenance cost.

(8)

Application Scenario

FTTx - FTTC Solution

A typical scenario is used with VMG1312-B10A in a FTTC (Fiber to the Curb) solution. The VMG1312-B10A serves as a home gateway, providing the high speed INTERNET service and High Quality IPTV service. The COE (VDSL switch) is located in a street cabinet, providing a high speed service within a 600 feet range, assuring the bandwidth reaching up to 100/45Mbps (Downstream/Upstream) at maximum.

(9)

FTTx – FTTB Solution

An often seen scenario is used with VMG1312-B10A in a FTTB (Fiber to the Building) solution. The VMG1312-B10A serves as a home gateway, providing the high speed INTERNET service, High Quality IPTV service. The COE (VDSL switch) is located inside the cabinet of building, providing a high speed service covering the whole apartment, assuring the bandwidth reaching up to 100/45Mbps

(10)

Prologue

 _{Before we begin.}

The device is shipped with the following factory defaults:

1. IP address = 192.168.1.1, subnet mask = 255.255.255.0 (24 bits) 2. DHCP server enabled with IP pool starting from 192.168.1.2 3. Default username/password = admin/1234

 _{Setting up the PC (Windows OS)}

1. Ethernet Connection

 _{All PCs must have an Ethernet adapter card installed}

2. TCP/IP Installation

You must first install the TCP/IP software on each PC before you can use it for the Internet access. If you have already installed the TCP/IP, go to the next section to configure it; otherwise, follow these steps to install:

 In theControl Panel/Networkwindow, clickAddbutton.

 In the Select Network Component Type windows, select Protocol and click

Add.

 In the Select Network Protocol windows, select Microsoft from the

manufacturers, then selectTCP/IPfrom theNetwork Protocolsand clickOK. 3. TCP/IP Configuration

Follow these steps to configure Windows TCP/IP:

 In theControl Panel/Networkwindow, click theTCP/IPentry to select it and

clickPropertiesbutton.

 _{In the}_TCP/IP_{Properties window, select}_{obtain an IP address automatically}_.

(11)

 Click theGatewaytab. Highlight any installed gateways and click the Remove

button until there are none listed.

 Click theDNS Configurationtab and selectDisable DNS.  ClickOKto save and close theTCP/IPproperties window.

 Click OK to close the Network window. You will be prompted to insert your

Windows CD or disk. When the drivers are updated, you will be asked if you want to restart the PC. Make sure that your Device is powered on before answering “Yes” to the prompt. Repeat the aforementioned steps for each Windows PC on your network.

(12)

Access Application Notes

Web GUI

The following procedure is for the most typical usage of device using a Browser. The device supports the embedded Web server that allows you to use Web browser to configure it. Before configuring the router using Browser, please be sure there is no Telnet or Console login.

a. Login the VMG1312-B10A via Web GUI.

1. Set up your PC/NB IP address to be a DHCP client.

2. Connect to a LAN port of VMG1312-B10A via RJ45 Ethernet cable and open your IE browser.

3. The default IP of VMG1312-B10A is 192.168.1.1 username/password = admin/1234.

(13)

Telnet

Telnet is also a common way to configure the device, but we have to use CI commands which may not be quick-to-learn. The list of the commonly used CI commands is provided at the end of this document.

b. Login the VMG1312-B10A via Telnet.

1. Set up your PC/NB IP address to be a DHCP client.

2. Connect to a LAN port of VMG1312-B10A via RJ45 Ethernet cable and open your Hyper Terminal software (capable of using TELNET).

3. The default IP of VMG1312-B10A is 192.168.1.1 username/password = admin/1234.

(14)

Broadband

VDSL Interface Configuration

1. Click Network Settings > Broadband to modify the type of the WAN Layer 2 Interface.

2. There are two Interfaces support for VMG1312-B10A.

3. In the Broadband Interface Configuration page, there are two types: VDSL Mode, ADSL Mode.

(15)

WAN Configuration

Bridge Mode

Scenario:

The VMG1312-B10A is a CPE bridge. a. Bridge Mode

1. Go to Network Settings > Broadband > Add New WAN Interface.

2. Click modify icon to modify the WAN service of VMG1312-B10A to bridge mode.

3. Select the WAN service type to be “Bridging”. Also you want to enter the Name.

(16)

4. Click Apply to Save. The summary will be showed on the Broadband page that includes all related configuration parameters.

IPoE Mode Scenario:

The VMG1312-B10A is a DHCP client in routing mode. b. IPoE Mode

1. Go to Network Settings > Broadband.

2. Click modify icon to modify the WAN service type of VMG1312-B10A. 3. Select the Encapsulation to be “IPoE”. Also you want to enter the Name.

(17)

PPPoE Mode Scenario:

The VMG1312-B10A is a PPPoE client. c. PPPoE Mode

2. Click modify icon to modify the WAN service type of VMG1312-B10A. 3. Select Encapsulation to be “PPPoE”. Also you want to enter the Name.

(18)

4. Enter the PPP Username, e.g. “test”. Enter the PPP Password, e.g. “1234”.

5. Click Apply button to save and then review all WAN setup parameters to make sure all related settings are correct.

(19)

IP Multicast

IP Multicast Introduction

 _{What is the IP Multicast?}

Traditionally, the IP packets are transmitted in two ways: unicast or broadcast. Multicast is a third way to deliver the IP packets to a group of hosts. Host groups are identified by the class D IP addresses, i.e., those with "1110" as their higher-order bits. In dotted decimal notation, host group addresses range from 224.0.0.0 to 239.255.255.255. Among them, 224.0.0.1 is assigned to the permanent IP hosts group, and 224.0.0.2 is assigned to the multicast routers group.

The IGMP (Internet Group Management Protocol) is the protocol used to support multicast groups. The latest version is version 3 (See RFC3376). The IP hosts use the IGMP to report their multicast group membership to any immediate-neighbor multicast routers, so the multicast routers can decide if a multicast packet needs to be forwarded. At the start-up, the Prestige queries all directly connect networks to gather group membership.

After that, the CPE updates the information by periodic queries. The device implementation of IGMP is also compatible with version 1.

(20)

IGMP Setting a. IP Multicast

1. Go to Network Settings > Broadband .

2. At the Routing Feature, check the checkbox of Enable. To enable IP multicast for this WAN Service.

(21)

Protocol Based Scenario

Environment

The Network structure of Central Office depends on the deployment of different ISP (Internet Service Provider) in different environments in different countries. One of the commonly known methods for separating different types of traffic is by classifying their transmitting protocols. In the case of the aforementioned diagram, the INTERNET traffic is encapsulated in the PPPoE and the IPTV traffic is encapsulated in the IPoE. The COE (VDSL switch) has the ability to distinguish those 2 traffics and assign the dedicated ACL rules to them. So, how should we configure the

(22)

WAN Configuration a. INTERNET Service

2. Click modify icon to modify the WAN service type of VMG1312-B10A. 3. Select the WAN service type to be “PPPoE”. Also you want to enter the

Name.

4. Enter the PPP Username, e.g. “[email protected]”. Enter the PPP Password, e.g. “1234”.

5. Click Apply button to save and then review all WAN setup parameters to make sure all related settings are correct; the IGMP multicast should be Disabled.

(23)

b. IPTV Service

1. Go to Network Settings > Broadband. 2. Click Add New WAN Interface.

3. Select the Encapsulation type to be “IPoE”. Also you want to enter the Name.

4. Select “Obtain an IP address automatically” in the WAN Configuration Settings page.

(24)

5. We don’t enable the NAT at this IPTV WAN service; but we need to check the checkbox for IGMP Proxy Enable.

(25)

VLAN Based Scenario

Environment

The Network structure of Central Office depends on the deployment of different ISP (Internet Service Provider) in different environments in different countries. One of the commonly known methods for separating different types of traffic is by classifying their VLAN ID. In the case of the aforementioned diagram, the INTERNET traffic is tagged with a VID=100 and the IPTV traffic is tagged with a VID=200. The COE (VDSL switch) receives the already VLAN tagged traffic from the CPE, and

(26)

WAN Configuration a. IPTV Service

1. Go to Network Settings > Broadband. 2. Click Add New WAN Interface.

3. Select the Encapsulation type to be “IPoE”. Also you want to enter the Name.

4. Select “Obtain an IP address automatically” in the WAN Configuration Settings page.

(27)

We don’t enable the NAT at this IPTV WAN service; but we need to check the checkbox for IGMP Proxy Enable.

5. Enter the 802.1P priority 5 and 802.1Q VLAN ID 100

(28)

INTERNET Service

1. Go to Network Settings > Broadband > Add New WAN Interface. 2. Set the WAN Service Configuration to PPP over Ethernet (PPPoE).

3. Check Active box of VLAN item and enter 802.1P priority 3 and 802.1Q VLAN ID 200.

4. Enter the PPP Username and PPP Password, check Enable NAT box and Apply as Default Gateway box.

(29)

(30)

Quality of Service

Environment

The “Quality of Service” feature in VMG1312-B10A has the ability to assign different task in accordance with the chosen type of traffic. In the case of the aforementioned diagram, we would like to limit the maximum upload rate of the IPTV service to 350 kbps. So how should we configure the VMG1312-B10A to fit the aforementioned scenario? The following step-by-step procedure instructs us the method.

(31)

QoS configuration a. Enable QoS

1. Go to Network Settings > QoS. 2. Check the Active QoS box.

3. Go to Network Settings > QoS > Queue Setup. 4. Click Add New Queue.

b. Configure the Video traffic. 1. Check the Enable box.

2. Enter the Queue Name box, e.g. “Queue1”. 3. Select the Outgoing interface, e.g. “WAN”. 4. Select the Priority as “2”.

5. Select the Weight as “3”. 6. Click Ok.

(32)

7. Go to Network Settings > QoS > Class Setup. 8. Click Add New Classifier.

9. Check the Enable box.

10. Enter the Name, e.g. “Video”.

11. Select the Classification Order to be “Last”. 12. Select the Ether Type to be “IP (0x800)”. 13. Check the From Interface to be “LAN1”. 14. Click Apply.

(33)

c. Configure the Video traffic Policer.

1. Go to Network Settings > QoS > Policer Setup 2. Click Add New Policer.

3. Check the Enable box.

4. Enter the Policer Name box, e.g. “test”.

5. Select the Meter Type as “Simple Token Bucket”. 6. Enter the Committed Rate as “350”.

7. Enter the Committed Burst Size as “100”.

(34)

TR069 – Remote Firmware Upgrade

Environment

The VMG1312-B10A provides the TR-069 remote management feature; it could speed up the deployment of CPEs and ease our supporting costs. It can also help the VDSL ISP (Internet Service Provider) to reduce operation effort as well as enhance customer satisfaction. In the case of the aforementioned diagram, the TR069 ACS server remote upgrades the firmware of CPE. So how should we configure the VMG1312-B10A to fit the aforementioned scenario? The following step-by-step procedure instructs us the method.

(35)

TR069 Configuration

Configure the required TR069 parameters for the ACS server.

1. Go to Maintenance > Remote Management > TR069 Client. 1. Check the Enable box.

2. Enter the Inform Interval, e.g. “30” seconds.

3. Enter the ACS URL, e.g. “http://59.124.163.140/TR069”. 4. Enter the ACS User Name, e.g. “admin”.

5. Enter the ACS Password, e.g. “1234”.

6. Select the WAN Interface used by TR-069 client, e.g. “Any_WAN”. 7. Click Apply.

(36)

NAT Port Forwarding

NAT/Multi-NAT Introduction

 _{What is Multi-NAT?}

The NAT (Network Address Translation-NAT RFC 1631) is the translation of an Internet Protocol address used within one network to a different IP address known within another network. One network is designated as the inside network and the other is the outside. Typically, one company maps its local inside network addresses to one or more global outside IP addresses and "unmaps" the global IP addresses on the incoming packets back into local IP addresses. The IP addresses for NAT can be either fixed or dynamically assigned by the ISP. In addition, you can designate servers, e.g., a Web server and a Telnet server, on your local network and make them accessible to the outside world. If you do not define any servers, the NAT offers the additional benefit of firewall protection. In such case, all incoming connections to your network will be filtered out by the CPE, thus preventing intruders from probing your network.

For more information on the IP address translation, please refer to RFC 1631, The IP Network Address Translator (NAT).

 _{How NAT works?}

If we define the local IP addresses as the Internal Local Addresses (ILA) and the global IP addresses as the Inside Global Address (IGA), see the following figure. The term 'inside' refers to the set of networks that are subject to translation. The NAT operates by mapping the ILA to the IGA required for communication with hosts on other networks. It replaces the original IP source address (and TCP or UDP source port numbers) and then forwards each packet to the Internet ISP, thus making them appear as if they came from the NAT system itself (e.g., the CPE router). The CPE keeps track of the original addresses and port numbers, so the incoming reply packets can have their original values restored.

(37)

 _{NAT Mapping Types}

The NAT supports five types of IP/port mapping. They are: 1. One to One

In One-to-One mode, the Prestige maps one ILA to one IGA. 2. Many to One

In Many-to-One mode, the CPE maps multiple ILAs to one IGA. 3. Many to Many Overload

In Many-to-Many Overload mode, the CPE maps the multiple ILAs to shared IGA. 4. Many to Many No Overload

In Many-to-Many No overload mode, the CPE maps each ILA to unique IGA.

 _{Server (DMZ host)}

(38)

The following table summarizes these types.

NAT Type IP Mapping Mapping

Direction One-to-One ILA1<--->IGA1 Both Many-to-One ILA1---->IGA1 ILA2---->IGA1 ... Outgoing Many-to-Many Overload ILA1---->IGA1 ILA2---->IGA2 ILA3---->IGA1 ILA4---->IGA2 ... Outgoing Many-to-Many No Overload (Allocate by Connections) ILA1---->IGA1 ILA2---->IGA3 ILA3---->IGA2 ILA4---->IGA4 ... Outgoing

Server Server 1 IP<----IGA1

Server 2 IP<----IGA1 Incoming

 Port numbers for some services:

Service Port Number

FTP 21

Telnet 23

SMTP 25

(39)

Environment

The NAT provides system administrators an easy solution to create a private IP network for security and IP management. Powered by NAT technology, the

VMG1312-B10A supports complete the NAT mapping and most popular Internet multimedia applications. This feature is the best described with the NAT port forwarding feature implemented in the CPE. In the case of the above diagram, we have a FTP server installed behind the CPE with an IP assigned by the local DHCP server (192.168.1.33). How should we configure the VMG1312-B10A, so that the notebook at the WAN site can access the FTP server? The following step-by-step procedure instructs us the method.

(40)

Port Forwarding Configuration

Create a port forwarding rule for the FTP server.

1. Go to Network Settings> NAT > Port Forwarding. 2. Select the Service Name, e.g. “FTP”.

3. Select the WAN Interface, e.g. “VDSL_test”. 4. Enter the Server IP Address, e.g. “192.168.1.33”. 5. Enter the External port Start, e.g. “21”.

6. Enter the External port End, e.g. “21”. 7. Enter the Internal port Start, e.g. “999”. 8. Enter the Internal port End, e.g. “999”. 9. Select the Protocol, e.g. “TCP”.

10. Click Apply.

A warning message as followed will pop up:

This phenomenon is normal, because the CPE itself can be accessed by the FTP, which the port is also 21. Since we are creating a new rule using port 21, the default port number of the CPE’s FTP server port will automatically be moved to 2121.

(41)

DMZ Host Configuration

If we enable the DMZ host, it will open up all the internal ports to the dedicated Server IP (in this case, IP = 192.168.100.35) allowing client at the WAN side to access the FTP server via port forwarding.

a. Create a DMZ host.

1. Go to Network Settings > NAT > DMZ.

2. Enter the IP of the Default Server Address, e.g. “192.168.100.35”. 3. Click Apply.

(42)

LAN Connection

IP Alias Introduction

 _{What is the IP Alias?}

In a typical environment, a LAN router is required to connect two local networks. The device can connect three local networks to the ISP or a remote node; we call this function as 'IP Alias'. In this case, an internal router is not required. For example, the network manager can divide the local network into three networks and connect them to the Internet using CPE's single user account. See the following figure.

The CPE supports three virtual LAN interfaces via its single physical Ethernet interface. As to the second and third networks, we call 'IP Alias 1' and 'IP Alias 2'.

(43)

IP Alias Configuration a. IP Alias

1. Go to Network Settings > Home Networking > Additional Subnet. 2. Check the Active IP Alias box.

3. Enter the IP Address, e.g. “10.0.0.1”.

4. Enter the IP Subnet Mask, e.g. “255.255.255.0”. 5. Click Apply.

Client List Configuration

We can manually assign a particular IP to a DHCP client with the specific MAC address.

a. Enable the DHCP server.

1. Go to Network Settings > Home Networking > LAN Setup. 2. Enter the IP Address, e.g. “192.168.100.1”.

3. Enter the IP Subnet Mask, e.g. “255.255.255.0”. 4. Check the Enable box of DHCP Server State.

5. Enter the Beginning IP Address, e.g. “192.168.100.33”. 6. Enter the Ending IP Address, e.g. “192.168.100.254”.

(44)

b. Show information on the DHCP server. 1. Login the device by Telnet.

2. Type the command “lan config” to enter configuration mode. 3. Type the command “dhcpserver show”

(45)

Using Universal Plug n Play (UPnP)

 _{1. What is the UPnP?}

The UPnP (Universal Plug and Play) makes the connecting PCs of all form factors, intelligent appliances and wireless devices in the home, office and everywhere in between easier and even automatic by leveraging the TCP/IP and Web technologies. The UPnP can be supported essentially in any operating system and works essentially with any type of physical networking media, wired or wireless.

The UPnP also supports the NAT Traversal which can automatically solve many NAT unfriendly problems. By the UPnP, applications assign the dynamic port mappings to the Internet gateway and delete the mappings when the connections are complete.

The key components in the UPnP are devices, services and control points.

 Devices: Network devices, such as networking gateways, TV, refrigerators,

printers, etc, which provide services.

 Services: Services are provided by devices, such as time services provided by

alarm clocks. In the UPnP, services are described in XML format. Control points can set/get services information from devices.

 Control points: Control points can manipulate the network devices. When

you add a new control point (in this case, a laptop) to a network, the device may ask the network to find the UPnP-enabled devices. These devices respond with their URLs and device descriptions.

(46)

UPnP Operations

 Addressing: The UPnPv1 devices MAY support IPv4, IPv6, or both. For IPv4,

each device should have the DHCP client. When the device gets connected to the network, it will discover DHCP server on network to get an IP address. If not, then the Auto-IP mechanism should be supported, so that the device can give itself an IP address. (169.254.0.0/16)

 Discovery: Whenever a device is added into the network, it will advertise its

service over the network. Control point can also discover services provided by devices.

 Description: Control points can get more detailed service information from

devices' description in XML format. The description may include the product name, model name, serial number, vendor ID and embedded services, etc.

 Control: Devices can be manipulated by control points through Control

message.

 Eventing: Devices can send event message to notify control points, if there is

any update on services provided.

 Presentation: Each device can provide its own control interface by the URL

(47)

 _{2. Using the UPnP in ZyXEL devices.}

In this example, we will introduce how to enable the UPnP function in ZyXEL devices. Currently, Microsoft MSN is the most popular application exploiting the UPnP, so we take Microsoft MSN application as an example in this support note. You can learn how MSN benefits from the NAT traversal feature in UPnP in this application note.

In the diagram, supposing that PC1 and PC2 both sign in MSN server, they would like to establish a video conference. The PC1 is behind the PPPoE dial-up router which supports the UPnP. Since the router supports the UPnP, we don't need to setup the NAT mapping for PC1. As long as we enable the UPnP function on the router, the PC1 will assign the mapping to the router dynamically. Note that, since the PC1 must support UPnP, we presume that its OS is Microsoft WinME or WinXP.

Device: Device Router

Service: NAT function provided by device Router Control Point: PC1

(48)

Universal Plug n Play (UPnP) Configuration a. Activate the UPnP feature.

1. Go to Network Settings > Home Networking > UPnP. 2. Check the Enable box.

(49)

Maintenance Log

Internal Maintenance

The VMG1312-B10A has the ability to record the events happening in the CPE into a system log (according to the severity) and maintain this log in itself.

a. Activate the Maintenance Log.

1. Go to Maintenance > Logs > Log Settings. 2. Check the Enable box.

3. Select the Mode, e.g. “Local File”. 4. Click Apply.

b. Show the log in the Web GUI. 1. Go to System Monitor > Log.

(50)

c. Show the log by Telnet.

1. Login the device by Telnet,

(51)

Remote Maintenance

The VMG1312-B10A also has the ability to send the system log outside the CPE. Let’s say that we want the system log to be sent to the notebook with IP =

192.168.100.101.

a. Activate the Maintenance Log.

1. Go to Maintenance > Log Settings. 2. Check the Enable box.

3. Select the Mode, e.g. “Remote”

4. Enter the Syslog Server IP Address to be “192.168.100.101”. 5. Click Apply.

(52)

Maintenance Tool

Maintenance Procedure

a. Upload Firmware.

1. Go to Maintenance > Firmware Upgrade.

2. Click Browse.

3. Select the Firmware to upload and click Open. 4. Click Upload.

b. Save Configuration.

(53)

(54)

c. Upload Configuration.

1. Go to Maintenance > Configuration.

2. Click Browse.

(55)

Wireless Application Notes

Wireless Introduction

WEP Configuration (Wired Equivalent Privacy) Introduction

The 802.11 standard describes the communication that occurs in the wireless LANs.

The Wired Equivalent Privacy (WEP) algorithm is used to protect wireless communication from eavesdropping, because the wireless transmissions are easier to intercept than transmissions over wired networks, and wireless is a shared medium. Everything that is transmitted or received over a wireless network can be intercepted.

The WEP relies on a secret key that is shared between a mobile station (e.g. a laptop with a wireless Ethernet card) and an access point (i.e. a base station). The secret key is used to encrypt packets before they are transmitted, and an integrity check is used to ensure that packages are not modified during the transition. The standard does not discuss how the shared key is established. In practice, most installations use a single key that is shared between all mobile stations and access points APs.

The WEP employs the key encryption algorithm, Ron's Code 4 Pseudo Random Number Generator (RC4 PRNG). The same key is used to encrypt and decrypt the data.

(56)

The WEP has defenses against this attack. To avoid encrypting two cipher texts with the same key stream, an Initialization Vector (IV) is used to augment the shared WEP key (secret key) and produce a different RC4 key for each packet. The IV is also included in the package. The WEP keys (secret key) are available in two types, 64-bits and 128-bits. Many times you will see them referenced as 40-bits and 104-bits instead. The reason for this misnomer is that the WEP key (40/104 bits) is

concatenated with the initialization vector (24 bits) resulting in a 64/128 bit total key size.

(57)

encryption. To set up the Access Point, you will need to set one of the following parameters:

o 64-bit WEP key (secret key) with 5 characters.

o 64-bit WEP key (secret key) with 10 hexadecimal digits. o 128-bit WEP key (secret key) with 13 characters.

o 128-bit WEP key (secret key) with 26 hexadecimal digits. IEEE 802.1x Introduction

The IEEE 802.1x port-based authentication is desired to prevent the unauthorized devices (clients) from gaining access to the network. As the LANs extend to hotels, airports and corporate lobbies, the insecure environments could be created. The 802.1x port-based network access control makes use of the physical access characteristics of IEEE 802 LAN infrastructures, such as the 802.3 Ethernet, 802.11 Wireless LAN and VDSL LRE (Long Reach Ethernet), in order to provide a means of authenticating and authorizing devices attached to a LAN port that has point-to-point connection characteristics, and of preventing access to that port in case of the failure of authentication process.

(58)

The IEEE 802.1x authentication is a client-server architecture delivered with the EAPOL (Extensible Authentication Protocol over LAN). The authentication server authenticates each client connected to an Access Point (for Wireless LAN) or switch port (for Ethernet) before accessing any services offered by the Wireless AP. The 802.1x contains tree major components:

1. Authenticator:

The device (i.e. Wireless AP) facilitates the authentication for supplicant (Wireless client) attached on the Wireless network. Authenticator controls the physical access to the network based on the authentication status of client. The authenticator acts as an intermediary (proxy) between the client and authentication server (i.e. RADIUS server), requesting the identity information from the client, verifying that information with the authentication server and relaying a response to the client.

2. Supplicant:

The station (i.e. Wireless client) is being authenticated by an authenticator attached on the Wireless network. The supplicant requests access to the LAN services and responds to the requests from the authenticator. The station must be running the 802.1x-compliant client software, such as that offered in the Microsoft Windows XP operating system, Meeting House AEGIS 802.1x client and Odyssey 802.1x client.

3. Authentication Server:

The device (i.e. RADIUS server) provides an authentication service to an authenticator. This service determines, from the credentials provided by the supplicant, whether the supplicant is authorized to access the services provided by the authenticator. The authentication server performs the actual authentication of client. It validates the identity of the supplicant. Because the authenticator acts as the proxy, the authentication service is transparent to the supplicant.

Some Wireless AP (i.e. ZyXEL Wireless AP) have built-in authentication server, therefore the external RADIUS authentication server is not needed. In this case, the

(59)

The port state determines whether or not the supplicant (Wireless Client) is granted access to the network behind Wireless AP. There are two authentication port state on the AP, authorized state and unauthorized state.

By default, the port starts in the unauthorized state. While in this state, the port disallows all the incoming and outgoing data traffic, except for 802.1x packets. When a supplicant is successfully authenticated, the port transits to the authorized state, allowing all the traffic for client to flow normally. If a client that does not support the 802.1x is connected to an unauthorized 802.1x port, the authenticator requests the client’s identity. In this situation, the client does not respond to the 802.1x request; the port remains in the unauthorized state and the client is not granted access to the network.

When the 802.1x is enabled, the authenticator controls the port authorization state by using the following control parameters. The following three authentication control parameters are applied in the Wireless AP.

(60)

2. Force Unauthorized: Causes the port to remain in the unauthorized state, ignoring all attempts by the client to authenticate. The authenticator cannot provide

authentication services to the supplicants through the port. While AP is setup as Force Unauthorized, Wireless clients (supported 802.1x client or none-802.1x client) never have the access for the network.

3. Auto: Enables the 802.1x and causes the port to begin in the unauthorized state, allowing only the EAPOL frames to be sent and received through the port. The authentication process begins, when the link state of port transitions from down to up or when an EAPOL-start frame is received requests the identity of the client and begins relaying authentication messages between supplicant and the authentication server. Each supplicant attempting to access the network is uniquely identified by the authenticator by using the client’s MAC address. While the AP is setup as Auto, only the Wireless client supporting the 802.1x client can access the network.

 _{Re-Authentication}

The administrator can enable the periodic 802.1x client re-authentication and specify how often it occurs. When the re-authentication is time out, the

authenticator will send the EAP-Request/Identity to reinitiate authentication process. In the ZyXEL Wireless AP 802.1x implementation, if you do not specify a time period before enabling the re-authentication, the number of seconds between

re-authentication attempts is 1,800 seconds (30 minutes).

 _{EAPOL (Extensible Authentication Protocol over LAN)}

The authenticators and supplicants communicate with one another by using the Extensible Authentication Protocol (EAP and RFC-2284). The EAP was originally designed to run over PPP and to authenticate the dial-in users, but the 802.1x defines an encapsulation method for passing the EAP packets over Ethernet frames. This method is referred to as the EAP over LANs, or EAPOL. Ethernet type of EAPOL is 88-8E, two octets in length. The EAPOL encapsulations are described for IEEE 802 compliant environment, such as the 802.3 Ethernet, 802.11 Wireless LAN and Token Ring/FDDI.

(61)

The EAP protocol can support multiple authentication mechanisms, such as MD5-challenge, One-Time Passwords, Generic Token Card, TLS and TTLS etc. Typically, the authenticator will send an initial Identity Request followed by one or more Requests for authentication information. When supplicant receives the EAP request, it will reply the associated EAP response. So far, the ZyXEL Wireless AP only supports the MD-5 challenge authentication mechanism, but will support the TLS and TTLS in the future.

EAPOL Exchange between 802.1x Authenticator and Supplicant

The authenticator or supplicant can initiate the authentication. If you enable the 802.1x authentication on the Wireless AP, the authenticator must initiate

authentication, when it determines that the Wireless link state transits from down to up. It then sends an EAP-request/identity frame to the 802.1x client to request its identity. (Typically, the authenticator sends an initial identity/request frame

followed by one or more requests for authentication information.) Upon the receipt of frame, the supplicant responds with an EAP-response/identity frame.

However, if during boot-up, the supplicant does not receive an

EAP-request/identity frame from the Wireless AP, the client can initiate the authentication by sending an EAPOL-Start frame, which prompts the switch to request the supplicant’s identity. In above case, authenticator is co-located with authentication server. When the supplicant supplies its identity, the authenticator

(62)

The EAPOL packet contains the following fields: protocol version, packet type, packet body length, and packet body. Most of the fields are obvious. The packet type can have four different values and these values are described as followed:

(63)

 EAP-Packet: Both the supplicant and authenticator send this packet, when the

authentication is taking place. This is the packet that contains either the MD5-Challenge or TLS information required for authentication.

 EAPOL-Start: This supplicant sends this packet, when it wants to initiate the

authentication process.

 EAPOL-Logoff: The supplicant sends this packet, when it wants to terminate

its 802.1x session.

 EAPOL-Key: This is used for the TLS authentication method. The Wireless AP

uses this packet to send the calculated WEP key to the supplicant after the TLS negotiation has completed between the supplicant and RADIUS server. Wi-Fi Protected Access Introduction

The Wi-Fi Protected Access (WPA) is a subset of the IEEE 802.11i security specification draft. Key differences between the WAP and WEP are user

authentication and improved data encryption. The WAP applies the IEEE 802.1x Extensible Authentication Protocol (EAP) to authenticate wireless clients using an external RADIUS database. You can not use the P-660HW-Tx v2's local user database for WPA authentication purpose, since the local user database uses the MD5 EAP which can not generate keys.

The WPA improves data encryption by using Temporal Key Integrity Protocol (TKIP), Message Integrity Check and IEEE 802.1x. Temporal Key Integrity Protocol uses 128-bits keys that are dynamically generated and distributed by the

authentication server. It includes a per-packet key mixing function, a Message Integrity Check (MIC) named Michael, an extend initialization vector (IV) with sequencing rules and a re-keying mechanism.

If you do not have an external RADIUS and server, you should use the WPA-PSK (WPA Pre-Share Key) that only requires a single (identical) password entered into each access point, wireless gateway and wireless client. As long as the passwords

(64)

Wireless Configuration

Activate the WLAN interface of the VMG1312-B10A and connect the notebook (802.11bgn wireless NIC required) under the WPA-PSK as its security mode. a. Wireless Setup.

1. Go to Network Settings > Wireless > General. 2. Check the Enable box.

3. Enter the Network Name(SSID), e.g. “TEST_01”. 4. Select the Security Mode, e.g. “WPA-PSK”. 5. Enter the Pre-Shared Key, e.g. “11111111”. 6. Select the Encryption, e.g. “TKIP+AES”. 7. Click Apply.

(65)

how all the wireless networks in your notebook (802.11bgn wireless NIC required):

(66)

We can see that the notebook is now connected to the WLAN interface of the VMG1312-B10A.

(67)

b. Wireless Setup Hiding the SSID.

3. Enter the Network Name(SSID), e.g. “TEST_01”. 4. Check the Hide Network Name(SSID) box. 5. Select the Security Mode, e.g. “WPA-PSK”. 6. Enter the Pre-Shared Key, e.g. “11111111”. 7. Select the Encryption, e.g. “TKIP+AES”. 8. Click Apply.

(68)

Show all the wireless networks in your notebook:

(69)

To connect to “TEST_01”, we need to configure the “Wireless Network Connection Properties” of the notebook WLAN interface:

(70)

Go “Connection” tab and check the box under the name of “Connect when this network is in range”.

(71)

Then we will see the notebook connected to the “TEST_01”, even though the SSID is now displayed in the broadcast list.

(72)

c. Wireless Setup Using “Auto Generate Key”.

3. Check the Generate Password Automatically box. 4. Select the Security Mode, e.g. “WPA-PSK”.

5. Select the Encryption, e.g. “TKIP+AES”. 6. Click Apply.

(73)

Show all the wireless networks in your notebook:

(74)

We can see that the notebook is now connected to the WLAN interface of the VMG1312-B10A.

(75)

WPS Application Notes

What is WPS?

Wi-Fi Protected Setup (WPS) is a standard created by the Wi-Fi Alliance for easy and secure establishment of a wireless home/office network. The goal of the WPS protocol is to simplify the process for configuring the security of the wireless network, and thus calling the name Wi-Fi Protected Setup.

There are several different methods defined in WPS to simplify the process of configuration. VMG1312-B10A supports two of those methods, which are the PIN Method and the PBC Method.

PIN Method:

A PIN (Personal Identification Number) has to be read from either a sticker on the new wireless client device or a display, and entered at either the wireless access point (AP) or a Registrar of the network.

PBC Method:

A simple action of “push button” suffices the process to activate the security of the wireless network and at the same time be subscribed in it.

(76)

WPS configuration a. WPS Setup

1. Go to Network Settings > Wireless > WPS. 2. Check the Enable box.

3. Click Apply.

b. WPS Station Setup

1. Go to Network Settings > Wireless > WPS. 2. Click the Connect.

(77)

c. MAC filtering

1. Go to Network Settings > Wireless > MAC Authentication. 2. Chick ck the Add new MAC address button.

3. Enter the MAC Address, e.g. “C8:6C:87:74:D7:3C”. 4. Click Apply.

(78)

Product FAQ

Will the device work with my Internet connection?

VMG1312-B10A is designed to be compatible with major ISPs utilize VDSL as a broadband service. VMG1312-B10A offers Ethernet ports to connect to your computer so the device is placed in the line between the computer and your ISP. If your ISP supports PPPoE you can also use the device, because PPPoE is supported in the device.

Why do I need to use VMG1312-B10A?

You need a VDSL modem/router to use with VDSL line, VMG1312-B10A is an ideal device for such application. The device has 4 Ethernet ports (LAN ports) and one VDSL WAN port. You should connect the computer to the LAN port and connect the VDSL line to the WAN port. If the ISP uses PPPoE you need the user account to access Internet.

What is PPPoE?

PPPoE stands for Point-to-Point Protocol over Ethernet that is an IETF draft standard specifying how a computer interacts with a broadband modem (i.e. xDSL, cable, wireless, etc.) to achieve access to the high-speed data networks via a familiar PPP dialer such as 'Dial-Up Networking' user interface. PPPoE supports a broad range of existing applications and service including authentication, accounting, secure access and configuration management. There are some service providers running of PPPoE today. Before configuring PPPoE in the device, please make sure your ISP supports PPPoE.

Does the device support PPPoE? Yes. The device supports PPPoE.

(79)

How do I know I am using PPPoE?

PPPoE requires a user account to login to the provider's server. If you need to configure a user name and password on your computer to connect to the ISP you are probably using PPPoE. If you are simply connected to the Internet when you turn on your computer, you probably are not. You can also check your ISP or the information sheet given by the ISP. Please choose PPPoE as the encapsulation type in the device if the ISP uses PPPoE.

Why does my provider use PPPoE?

PPPoE emulates a familiar Dial-Up connection. It allows your ISP to provide services using their existing network configuration over the broadband connections. Besides, PPPoE supports a broad range of existing applications and service including authentication, accounting, secure access and configuration management.

Which Internet Applications can I use with the device?

Most common applications include MIRC, PPTP, ICQ, Cu-SeeMe, NetMeeting, IP/TV, RealPlayer, VDOLive, Quake, QuakeII, QuakeIII, StarCraft, & Quick Time.

How can I configure the device?

a. Telnet remote management- driven user interface for easy remote management

b. Web browser- web server embedded for easy configurations What network interface does the device support?

The device supports 10/100M Ethernet to connect to the LAN computer or hub/switch and an up to 100M VDSL interface to the ISP.

(80)

What is the difference between the internal IP and the real IP from my ISP?

Internal IPs is sometimes referred to as virtual IPs. They are a group of up to 255 IPs that are used and recognized internally on the local area network. They are not intended to be recognized on the Internet. The real IP from ISP, instead, can be recognized or pinged by another real IP. The Device works like an intelligent router that route between the virtual IP and the real IP.

How does e-mail work through the device?

It depends on what kind of IP you have: Static or Dynamic. If your company has a domain name, it means that you have a static IP address. Suppose your company's e-mail address is [email protected]. Joe and Debbie will be able to send e-mail through the device using [email protected] and [email protected] respectively as their e-mail addresses. They will be able to retrieve their individual private and secure e-mail, if they have been assigned the proper access right.

If your company does not have a domain name, it means that your ISP provides you with a dynamic IP address.

Suppose your company's e-mail address is [email protected]. Jane and John will be able to send e-mail through the device using "jane"<[email protected]> and "john"<[email protected]> respectively as their e-mail addresses. Again, they will be able to retrieve their individual private and secured e-mail, if they have been assigned the proper access right.

What DHCP capability does the device support?

The device supports DHCP client (Ethernet encap) on the WAN port and DHCP server on the LAN port. The device's DHCP client allows it to get the Internet IP address from ISP automatically if your ISP use DHCP as a method to assign IP address. The device's internal DHCP server allows it to automatically assign IP and DNS addresses to the clients on the local LAN.

(81)

How do I used the reset button, more over what field of parameter will be reset by reset button?

You can used a sharp pointed object insert it into the little reset hole beside the power connector. Press down the reset button and hold down for approx 5 second, the unit will be reset. When the reset button is pressed the devices all parameter will be reset back to factory default include, password, and IP address.

The default IP address is 192.168.1.1, Password 1234.

What network interface does the new device series support?

The new device series support auto MDX/MDIX 10/100M Ethernet LAN port to connect to the computer or Switch on LAN.

How does the device support TFTP?

In addition to the direct console port connection, the device supports the uploading/download of the firmware and configuration file using TFTP (Trivial File Transfer Protocol) over LAN.

Can the device support TFTP over WAN?

Although TFTP should work over WAN as well, it is not recommended because of the potential data corruption problems.

(82)

How fast can the data go?

The speed of the VDSL is only one part of the equation. There are a combination of factors starting with how fast your PC can handle IP traffic, then how fast your PC to cable modem interface is, then how fast the cable modem system runs and how much congestion there is on the cable network, then how big a pipe there is at the head end to the rest of the Internet.

Different models of PCs and Macs are able to handle IP traffic at varying speeds. Very few can handle it at 100 Mbps.

To create the appearance of faster network access, service companies plan to store or "cache" frequently requested web sites and Usenet newsgroups on a server at their head-end. Storing data locally will remove some of the bottleneck at the backbone connection.

How fast can they go? In a perfect world (or lab) they can receive data at speeds up to 100 Mbps. In the real world, with cost conscious cable companies running the systems, the speed will probably fall behind the speed that the ISP appointed at the first place.

What is Multi-NAT?

NAT (Network Address Translation-NAT RFC 1631) is the translation of an Internet Protocol address used within one network to a different IP address known within another network. One network is designated the inside network and the other is the outside. Typically, a company maps its local inside network addresses to one or more global outside IP addresses and "unmaps" the global IP addresses on incoming packets back into local IP addresses. The IP addresses for the NAT can be either fixed or dynamically assigned by the ISP. In addition, you can designate servers, e.g., a web server and a telnet server, on your local network and make them accessible to the outside world. If you do not define any servers, NAT offers the additional benefit of firewall protection. In such case, all incoming connections to your network will be filtered out by the device, thus preventing intruders from probing your network. The SUA feature that the device supports previously operates by mapping the

(83)

When do I need Multi-NAT?

a. Make local server accessible from outside Internet

When NAT is enabled the local computers are not accessible from outside. You can use Multi-NAT to make an internal server accessible from outside.

a. Support Non-NAT Friendly Applications

Some servers providing Internet applications such as some mIRC servers do not allow users to login using the same IP address. Thus, users on the same network cannot login to the same server simultaneously. In this case it is better to use Many-to-Many No Overload or One-to-One NAT mapping types, thus each user login to the server using a unique global IP address.

What IP/Port mapping does Multi-NAT support?

NAT supports five types of IP/port mapping. They are: One to One, Many to One, Many to Many Overload, Many to Many No Overload and Server. The details of the mapping between ILA and IGA are described as below. Here we define the local IP addresses as the Internal Local Addresses (ILA) and the global IP addresses as the Inside Global Address (IGA),

1. One to One

In One-to-One mode, the device maps one ILA to one IGA. 2. Many to One

In Many-to-One mode, the device maps multiple ILA to one IGA. 3. Many to Many Overload

(84)

5. Server

In Server mode, the device maps multiple inside servers to one global IP address. This allows us to specify multiple servers of different types behind the NAT for outside access. Note: if you want to map each server to one unique IGA please use the One-to-One mode.

The following table summarizes these types. NAT Type IP Mapping

One-to-One ILA1<--->IGA1 Many-to-One ILA1<--->IGA1 ILA2<--->IGA1 ... Many-to-Many Overload ILA1<--->IGA1 ILA2<--->IGA2 ILA3<--->IGA1 ILA4<--->IGA2 ... Many-to-Many No Overload ILA1<--->IGA1 ILA2<--->IGA2 ILA3<--->IGA3 ILA4<--->IGA4 ...

Server Server 1 IP<--->IGA1 Server 2 IP<--->IGA1

What is BOOTP/DHCP?

BOOTP stands for Bootstrap Protocol. DHCP stands for Dynamic Host Configuration Protocol. Both are mechanisms to dynamically assign an IP address for a TCP/IP client by the server. In this case, the device is a BOOTP/DHCP server. Win95 and

(85)

What is DDNS?

The Dynamic DNS service allows you to alias a dynamic IP address to a static hostname, allowing your computer to be more easily accessed from various locations on the Internet. To use the service, you must first apply an account from several free Web servers such asWWW.DYNDNS.ORG.

Without DDNS, we always tell the users to use the WAN IP of the 312 to reach our internal server. It is inconvenient for the users if this IP is dynamic. With DDNS supported by the device, you apply a DNS name (e.g., www.zyxel.com.tw) for your server (e.g., Web server) from a DDNS server. The outside users can always access the web server using the www.zyxel.com.tw regardless of the WAN IP of the 312. When the ISP assigns the device a new IP, the device updates this IP to DDNS server so that the server can update its IP-to-DNS entry. Once the IP-to-DNS table in the DDNS server is updated, the DNS name for your web server (i.e., www.zyxel.com.tw) is still usable.

When do I need DDNS service?

When you want your internal server to be accessed by using DNS name rather than using the dynamic IP address we can use the DDNS service. The DDNS server allows to alias a dynamic IP address to a static hostname. Whenever the ISP assigns you a new IP, the device sends this IP to the DDNS server for its updates.

(86)

Wireless FAQ

What is a Wireless LAN?

Wireless LANs provide all the functionality of wired LANs, without the need for physical connections (wires). Data is modulated onto a radio frequency carrier and transmitted through the ether. Typical bit-rates are 11Mbps and 54Mbps, although in practice data throughput is half of this. Wireless LANs can be formed simply by equipping PC's with wireless NICs. If connectivity to a wired LAN is required an Access Point (AP) is used as a bridging device. AP's are typically located close to the centre of the wireless client population.

What are the advantages of Wireless LANs? a. Mobility:

Wireless LAN systems can provide LAN users with access to real-time information anywhere in their organization. This mobility supports productivity and service opportunities not possible with wired networks.

b. Installation Speed and Simplicity:

Installing a wireless LAN system can be fast and easy and can eliminate the need to pull cable through walls and ceilings.

c. Installation Flexibility:

Wireless technology allows the network to go where wire cannot go. d. Reduced Cost-of-Ownership:

While the initial investment required for wireless LAN hardware can be higher than the cost of wired LAN hardware, overall installation expenses and life-cycle costs can be significantly lower. Long-term cost benefits are greatest in dynamic environments requiring frequent moves and changes.

(87)

networks of thousands of users that enable roaming over a broad area. What are the disadvantages of Wireless LANs?

The speed of Wireless LAN is still relative slower than wired LAN. The most popular wired LAN is operated in 100Mbps, which is almost 10 times of that of Wireless LAN (10Mbps). A faster wired LAN standard (1000Mbps), which is 100 times faster, becomes popular as well. The setup cost of Wireless LAN is relative high because the equipment cost including access point and PCMCIA Wireless LAN card is higher than hubs and CAT 5 cables.

Where can you find wireless 802.11 networks?

Airports, hotels, and even coffee shops like Starbucks are deploying 802.11 networks so people can wirelessly browse the Internet with their laptops. As these types of networks increase, this will create additional security risk for the remote user if not properly protected.

What is an Access Point?

The AP (access point also known as a base station) is the wireless server that with an antenna and a wired Ethernet connection that broadcasts information using radio signals. AP typically act as a bridge for the clients. It can pass information to wireless LAN cards that have been installed in computers or laptops allowing those computers to connect to the campus network and the Internet without wires.

What is IEEE 802.11?

The IEEE 802.11 is a wireless LAN industry standard, and the objective of IEEE 802.11 is to make sure that different manufactures' wireless LAN devices can communicate to each other.802.11 provides 1 or 2 Mbps transmission in the 2.4 GHz ISM band

(88)

How fast is 802.11b?

The IEEE 802.11b standard has a nominal speed of 11 megabits per second (Mbps). However, depending on signal quality and how many other people are using the wireless ethernet through a particular Access Point, usable speed will be much less (on the order of 4 or 5 Mbps, which is still substantially faster than most dialup, cable and DSL modems).

What is 802.11a?

802.11a the second revision of 802.11 that operates in the unlicensed 5 GHz band and allows transmission rates of up to 54Mbps. 802.11a uses OFDM (orthogonal frequency division multiplexing) as opposed to FHSS or DSSS. Higher data rates are possible by combining channels. Due to higher frequency, range is less than lower frequency systems (i.e., 802.11b and 802.11g) and can increase the cost of the overall solution because a greater number of access points may be required. 802.11a is not directly compatible with 802.11b or 802.11g networks. In other words, a user equipped with an 802.11b or 802.11g radio card will not be able to interface directly to an 802.11a access point. Multi-mode NICs will solve this problem.

What is 802.11g?

802.11g is an extension to 802.11b. 802.11g increases 802.11b's data rates to 54 Mbps and still utilize the 2.4 GHz ISM. Modulation is based upon OFDM (orthogonal frequency division multiplexing) technology. An 802.11b radio card will interface directly with an 802.11g access point (and vice versa) at 11 Mbps or lower depending on range. The range at 54 Mbps is less than for 802.11b operating at 11 Mbps.

What is 802.11n?

802.11n supports frequency in both 2.4GHz and 5 GHz and its data rate from 54 Mbps up to 600 Mbps in theory; in the 802.11n Channel Doubling technology which can double the bandwidth from 20 MHz to 40 MHz and effectively doubles data rates and throughput. It adds MIMO feature, which using multiple transmission and

(89)

Is it possible to use products from a variety of vendors?

Yes. As long as the products comply with the same IEEE 802.11 standard. The Wi-Fi logo is used to define 802.11b compatible products. Wi-Fi5 is a compatibility standard for 802.11a products running in the 5GHz band.

What is Wi-Fi?

The Wi-Fi logo signifies that a product is interoperable with wireless networking equipment from other vendors. A Wi-Fi logo product has been tested and certified by the Wireless Ethernet Compatibility Alliance (WECA). The Socket Wireless LAN Card is Wi-Fi certified, and that means that it will work (interoperate) with any brand of Access Point that is also Wi-Fi certified.

What types of devices use the 2.4GHz Band?

Various spread spectrum radio communication applications use the 2.4 GHz band. This includes WLAN systems (not necessarily of the type IEEE 802.11b), cordless phones, wireless medical telemetry equipment and Bluetooth™ short-range wireless applications, which include connecting printers to computers and connecting modems or hands-free kits to mobile phones.

Does the 802.11 interfere with Bluetooth devices?

Any time devices are operated in the same frequency band, there is the potential for interference.

Both the 802.11b and Bluetooth devices occupy the same2.4-to-2.483-GHz unlicensed frequency range-the same band. But a Bluetooth device would not interfere with other 802.11 devices much more than another 802.11 device would interefere. While more collisions are possible with the introduction of a Bluetooth device, they are also possible with the introduction of another 802.11 device, or a

(90)

Can radio signals pass through walls?

Transmitting through a wall is possible depending upon the material used in its construction. In general, metals and substances with a high water content do not allow radio waves to pass through. Metals reflect radio waves and concrete attenuates radio waves. The amount of attenuation suffered in passing through concrete will be a function of its thickness and amount of metal re-enforcement used.

What are potential factors that may causes interference among WLAN products? Factors of interference:

1. Obstacles: walls, ceilings, furniture… etc.

2. Building Materials: metal door, aluminum studs.

3. Electrical devices: microwaves, monitors, electric motors. Solution:

1. Minimizing the number of walls and ceilings 2. Antenna is positioned for best reception

3. Keep WLAN products away from electrical devices, eg: microwaves, monitors, electric motors… etc.

4. Add additional APs if necessary.

What's the difference between a WLAN and a WWAN?

WLANs are generally privately owned, wireless systems that are deployed in a corporation, warehouse, hospital, or educational campus setting. Data rates are high and there are no per-packet charges for data transmission.

WWANs are generally publicly shared data networks designed to provide coverage in metropolitan areas and along traffic corridors. WWANs are owned by a service provider or carrier. Data rates are low and charges are based on usage. Specialized applications are characteristically designed around short, burst messaging.